improve upon the holy Wireguard scriptures - www.codemadness.org - www.codemadness.org saait content files
HTML git clone git://git.codemadness.org/www.codemadness.org
DIR Log
DIR Files
DIR Refs
DIR README
DIR LICENSE
---
DIR commit ca874c125feeab74204918d970e374388e97ddd9
DIR parent 8f6aceaffb3ccc5784571dd8c18e1480ce402327
HTML Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Sat, 28 Mar 2026 13:40:09 +0100
improve upon the holy Wireguard scriptures
+ xargs header h1 to h2.
Diffstat:
M config.cfg | 2 +-
M output/atom.xml | 4 ++--
M output/atom_content.xml | 71 +++++++++++++++++--------------
M output/atom_content_gopher.xml | 71 +++++++++++++++++--------------
M output/atom_gopher.xml | 4 ++--
M output/jsonfeed_content.json | 4 ++--
M output/jsonfeed_content_gopher.json | 4 ++--
M output/phlog/wireguard | 51 +++++++++++++++++++------------
M output/phlog/xargs | 18 +++++++++---------
M output/rss_content.xml | 67 ++++++++++++++++++-------------
M output/rss_content_gopher.xml | 67 ++++++++++++++++++-------------
M output/sfeed_content.tsv | 4 ++--
M output/sfeed_content_gopher.tsv | 4 ++--
M output/sitemap.xml | 2 +-
M output/wireguard.html | 49 ++++++++++++++++++-------------
M output/wireguard.md | 49 +++++++++++++++++++------------
M output/xargs.html | 18 +++++++++---------
M output/xargs.md | 18 +++++++++---------
M pages/wireguard.cfg | 2 +-
M pages/wireguard.md | 49 +++++++++++++++++++------------
M pages/xargs.md | 18 +++++++++---------
21 files changed, 327 insertions(+), 249 deletions(-)
---
DIR diff --git a/config.cfg b/config.cfg
@@ -1,5 +1,5 @@
# last updated the site.
-siteupdated = 2026-03-27
+siteupdated = 2026-03-28
sitetitle = Codemadness
siteurl = https://www.codemadness.org
DIR diff --git a/output/atom.xml b/output/atom.xml
@@ -2,7 +2,7 @@
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title>Codemadness</title>
<subtitle>blog with various projects and articles about computer-related things</subtitle>
- <updated>2026-03-27T00:00:00Z</updated>
+ <updated>2026-03-28T00:00:00Z</updated>
<link rel="alternate" type="text/html" href="https://www.codemadness.org" />
<id>https://www.codemadness.org/atom.xml</id>
<link rel="self" type="application/atom+xml" href="https://www.codemadness.org/atom.xml" />
@@ -10,7 +10,7 @@
<title>Wireguard on OpenBSD for use as a mobile VPN</title>
<link rel="alternate" type="text/html" href="https://www.codemadness.org/wireguard.html" />
<id>https://www.codemadness.org/wireguard.html</id>
- <updated>2026-03-27T00:00:00Z</updated>
+ <updated>2026-03-28T00:00:00Z</updated>
<published>2026-03-27T00:00:00Z</published>
<author>
<name>Hiltjo</name>
DIR diff --git a/output/atom_content.xml b/output/atom_content.xml
@@ -2,7 +2,7 @@
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title>Codemadness</title>
<subtitle>blog with various projects and articles about computer-related things</subtitle>
- <updated>2026-03-27T00:00:00Z</updated>
+ <updated>2026-03-28T00:00:00Z</updated>
<link rel="alternate" type="text/html" href="https://www.codemadness.org" />
<id>https://www.codemadness.org/atom_content.xml</id>
<link rel="self" type="application/atom+xml" href="https://www.codemadness.org/atom_content.xml" />
@@ -10,7 +10,7 @@
<title>Wireguard on OpenBSD for use as a mobile VPN</title>
<link rel="alternate" type="text/html" href="https://www.codemadness.org/wireguard.html" />
<id>https://www.codemadness.org/wireguard.html</id>
- <updated>2026-03-27T00:00:00Z</updated>
+ <updated>2026-03-28T00:00:00Z</updated>
<published>2026-03-27T00:00:00Z</published>
<author>
<name>Hiltjo</name>
@@ -18,7 +18,7 @@
</author>
<summary>Guide to setup a Wireguard endpoint on OpenBSD to use as a (mobile) VPN</summary>
<content type="html"><![CDATA[<h1>Wireguard on OpenBSD for use as a mobile VPN</h1>
- <p><strong>Last modification on </strong> <time>2026-03-27</time></p>
+ <p><strong>Last modification on </strong> <time>2026-03-28</time></p>
<p>Wireguard is a fast, modern and secure VPN tunnel.</p>
<p>Below is a guide to setup <a href="https://www.wireguard.com/">Wireguard</a> on the OpenBSD
operating system intended for use with a mobile VPN.</p>
@@ -30,13 +30,15 @@ and public key.</p>
<p>To install the wireguard-tools package on OpenBSD:</p>
<pre><code># pkg_add wireguard-tools
</code></pre>
-<h1>Enable IPv4 traffic forwarding</h1>
+<h2>Enable IPv4 traffic forwarding</h2>
<p>To enable traffic forwarding for IPv4 run:</p>
<pre><code># sysctl net.inet.ip.forwarding=1
</code></pre>
<p>To make it persistent add the above lines to the file /etc/sysctl.conf. These
sysctl lines are loaded on boot time.</p>
-<h1>Server: /etc/hostname.wg0</h1>
+<h2>Server config: /etc/hostname.wg0</h2>
+<p>This is an example config for the wg0 network interface. It is stored at
+/etc/hostname.wg0:</p>
<pre><code>wgport 51820 wgkey 'private_key_here'
inet 10.1.2.1/24
up
@@ -44,7 +46,7 @@ up
# peer: phone
wgpeer 'pubkey' wgaip 10.1.2.2/32 wgdescr 'phone' wgpsk 'psk_here'
</code></pre>
-<h1>Generating a private key</h1>
+<h2>Generating a private key</h2>
<p>Using wireguard-tools wg command:</p>
<pre><code>$ wg genkey
</code></pre>
@@ -54,7 +56,7 @@ public.key:</p>
<pre><code>$ wg genkey | tee private.key | wg pubkey > public.key
</code></pre>
<p><strong>Keep the private key secure. Do not share it with anyone!</strong></p>
-<h1>Generate a separate preshared key (PSK).</h1>
+<h2>Generate a separate preshared key (PSK).</h2>
<p>Using a preshared key (PSK) is optional, but recommended. This is used in the
handshake to guard against future compromise of the peers' encrypted tunnel if
a quantum-computational attack on their Diffie-Hellman exchange becomes
@@ -75,7 +77,7 @@ permissions to view all information):</p>
<p>In the ifconfig wg0 output it should list the server public key as:</p>
<pre><code>wgpubkey server_pubkey_here
</code></pre>
-<h1>Full example of a client config: wg-client.conf</h1>
+<h2>Full example of a client config: wg-client.conf</h2>
<pre><code>[Interface]
Address = 10.1.2.2/32
DNS = 10.1.2.1
@@ -88,7 +90,7 @@ PreSharedKey = 8ao/EMExyPAHrT3ShX+lnA0u7jUmo7MhrT0GjDcrIJA=
PublicKey = Rny+AW4EPqPPxfO+8O+QdlkIrWbZRGQ6u6Fje5pUOFM=
</code></pre>
<p><strong>Of course do not copy-paste this private key and PSK. Generate your own ;)</strong></p>
-<h1>pf(4) firewall rules</h1>
+<h2>pf(4) firewall rules</h2>
<p>Below is a fragment of the firewall rules required for Wireguard.
These rules assume a simple VPS with a vio network interface connected to the
interwebs (no double NAT or other weird complex things ;)).</p>
@@ -100,15 +102,15 @@ pass in quick on wg0 proto udp from any to any port 51820
# allow all on wireguard
pass quick on wg0
</code></pre>
-<h1>Mobile VPN application</h1>
+<h2>Mobile VPN application</h2>
<p>For Android download the APK from <a href="https://www.wireguard.com/install/">https://www.wireguard.com/install/</a>.
There are also other versions available on the page.</p>
-<h1>Android Wireguard settings</h1>
-<h1>Adding a tunnel</h1>
+<h2>Android Wireguard settings</h2>
+<h2>Adding a tunnel</h2>
<p>In the Wireguard application press the plus (+) button in the bottom left of
the screen to add a tunnel.</p>
-<h1>Option: "Scan from QR code"</h1>
-<h2>Generate a QR code image from a client config</h2>
+<h2>Option: "Scan from QR code"</h2>
+<h3>Generate a QR code image from a client config</h3>
<p>Install the libqrencode package for qrencode:</p>
<pre><code># pkg_add libqrencode
</code></pre>
@@ -124,15 +126,15 @@ and/or destroy it immediately.</p>
<p><img src="downloads/openbsd-wg/inspector_gadget.jpg" alt="inspector Gadget reading self-destruct message" width="320" height="240" loading="lazy" /></p>
<p><a href="downloads/openbsd-wg/inspector_gadget.webm">Inspector Gadget, self-destruct video clip</a></p>
<p>Now scan the generated image to import the config.</p>
-<h1>Option: "Import from file or archive"</h1>
+<h3>Option: "Import from file or archive"</h3>
<p>Import a text .conf file or archive (ZIP) file containing one or more configs.</p>
<p>Example conf file: <a href="downloads/openbsd-wg/client-example.conf">client-example.conf</a>.<br />
Example ZIP file: <a href="downloads/openbsd-wg/client-example.zip">client-example.zip</a>.</p>
-<h1>Option: "Create from scratch"</h1>
+<h3>Option: "Create from scratch"</h3>
<p>Generating the private key on the device itself and sharing the public key and
PSK is probably the safest option. Although sharing the public key text from a
mobile device can be a bit annoying.</p>
-<h1>Android settings</h1>
+<h2>Android settings</h2>
<p>Only allow connections and DNS using VPN:</p>
<ul>
<li>Settings -> VPN -> Network & Internet:
@@ -154,7 +156,7 @@ Make sure Wireguard is set and enabled under VPN.</li>
</li>
<li>Set a secure and privacy-respecting DNS server.</li>
</ul>
-<h1>Debugging tips</h1>
+<h2>Debugging tips</h2>
<p>For the Wireguard Android application you can find a textual log:</p>
<ul>
<li>Open the Wireguard application.</li>
@@ -164,7 +166,7 @@ Make sure Wireguard is set and enabled under VPN.</li>
<p>On the OpenBSD server you can run enable run-time debugging on the wg0 interface:</p>
<pre><code># ifconfig wg0 debug
</code></pre>
-<h1>Bonus: example using wg-quick from wg-tools</h1>
+<h2>Bonus: example using wg-quick from wg-tools</h2>
<p>Using the wg-quick program from wg-tools you can also quickly setup a client.
This will setup the DNS, routing and interface. It can setup and restore the
DNS and routing settings easily.</p>
@@ -174,13 +176,13 @@ DNS and routing settings easily.</p>
<p>As root, to restore the interface:</p>
<pre><code># wg-quick down absolute/path/to/config/wg-client.conf
</code></pre>
-<h1>Bonus: generating a private key using only OpenSSL commands</h1>
+<h2>Bonus: generating a private key using only OpenSSL commands</h2>
<p>Generate a private key:</p>
<pre><code>$ openssl genpkey -algorithm X25519 -outform DER -out private.der
</code></pre>
<p>Now extract the last 32 bytes which has part of the actual private key (the
first ASN.1 DER encoded bytes contain metadata information). Convert the actual
-key (partly truncated) data to base64.</p>
+key data to base64.</p>
<p>Run:</p>
<pre><code>$ tail -c 32 private.der | openssl enc -a -A > private.key
</code></pre>
@@ -190,7 +192,14 @@ key (partly truncated) data to base64.</p>
<p>Convert public key to Wireguard format:</p>
<pre><code>$ tail -c 32 public.der | openssl enc -a -A > public.key
</code></pre>
-<h1>References</h1>
+<p>Or even the magical voodoo commands:</p>
+<pre><code>$ openssl rand -base64 32 > private.key
+$ (printf '\060\056\002\001\000\060\005\006\003\053\145\156\004\042\004\040';openssl enc -d -a -A < private.key) |
+ openssl pkey -inform DER -pubout -outform DER | \
+ tail -c 32 | \
+ openssl enc -a -A > public.key
+</code></pre>
+<h2>References</h2>
<ul>
<li><a href="https://www.wireguard.com/">Wireguard</a>:
<ul>
@@ -487,7 +496,7 @@ Strong open-source chess engine and analysis tool:<br />
<p><strong>Last modification on </strong> <time>2023-12-17</time></p>
<p>This describes a simple shellscript programming pattern to process a list of
jobs in parallel. This script example is contained in one file.</p>
-<h1>Simple but less optimal example</h1>
+<h2>Simple but less optimal example</h2>
<pre><code>#!/bin/sh
maxjobs=4
@@ -517,7 +526,7 @@ for f in 1 2 3 4 5 6 7 8 9 10; do
done
wait
</code></pre>
-<h1>Why is this less optimal</h1>
+<h2>Why is this less optimal</h2>
<p>This is less optimal because it waits until all jobs in the same batch are finished
(each batch contain $maxjobs items).</p>
<p>For example with 2 items per batch and 4 total jobs it could be:</p>
@@ -540,7 +549,7 @@ wait
</ul>
<p>It also does not handle signals such as SIGINT (^C). However the xargs example
below does:</p>
-<h1>Example</h1>
+<h2>Example</h2>
<pre><code>#!/bin/sh
maxjobs=4
@@ -575,7 +584,7 @@ list() {
# process jobs in parallel.
list | CHILD_MODE="1" xargs -r -0 -P "${maxjobs}" -L 2 "$(readlink -f "$0")"
</code></pre>
-<h1>Run and timings</h1>
+<h2>Run and timings</h2>
<p>Although the above example is kindof stupid, it already shows the queueing of
jobs is more efficient.</p>
<p>Script 1:</p>
@@ -588,7 +597,7 @@ real 0m22.095s
[...snip snip...]
real 0m18.120s
</code></pre>
-<h1>How it works</h1>
+<h2>How it works</h2>
<p>The parent process:</p>
<ul>
<li>The parent, using xargs, handles the queue of jobs and schedules the jobs to
@@ -622,7 +631,7 @@ For example if the program is killed, stopped or the exit status is 255 then
xargs stops running also.</p>
</li>
</ul>
-<h1>Description of used xargs options</h1>
+<h2>Description of used xargs options</h2>
<p>From the OpenBSD man page: <a href="https://man.openbsd.org/xargs">https://man.openbsd.org/xargs</a></p>
<pre><code>xargs - construct argument list(s) and execute utility
</code></pre>
@@ -639,7 +648,7 @@ ending in unescaped white space and the next non-empty line are considered
to form one single line. If EOF is reached and fewer than number lines have
been read then utility will be called with the available lines.</li>
</ul>
-<h1>xargs options -0 and -P, portability and historic context</h1>
+<h2>xargs options -0 and -P, portability and historic context</h2>
<p>Some of the options, like -P are as of writing (2023) non-POSIX:
<a href="https://pubs.opengroup.org/onlinepubs/9699919799/utilities/xargs.html">https://pubs.opengroup.org/onlinepubs/9699919799/utilities/xargs.html</a>.
However many systems support this useful extension for many years now.</p>
@@ -668,7 +677,7 @@ Date: Sun Feb 4 20:35:16 1996 +0000
Initial revision
</code></pre>
-<h1>xargs: some incompatibilities found</h1>
+<h2>xargs: some incompatibilities found</h2>
<ul>
<li>Using the -0 option empty fields are handled differently in different
implementations.</li>
@@ -680,7 +689,7 @@ around 2017.</li>
<p>Depending on what you want to do a workaround could be to use the -0 option
with a single field and use the -n flag. Then in each child program invocation
split the field by a separator.</p>
-<h1>References</h1>
+<h2>References</h2>
<ul>
<li>xargs: <a href="https://man.openbsd.org/xargs">https://man.openbsd.org/xargs</a></li>
<li>printf: <a href="https://man.openbsd.org/printf">https://man.openbsd.org/printf</a></li>
DIR diff --git a/output/atom_content_gopher.xml b/output/atom_content_gopher.xml
@@ -2,7 +2,7 @@
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title>Codemadness</title>
<subtitle>blog with various projects and articles about computer-related things</subtitle>
- <updated>2026-03-27T00:00:00Z</updated>
+ <updated>2026-03-28T00:00:00Z</updated>
<link rel="alternate" type="text/gopher" href="gopher://codemadness.org" />
<id>gopher://codemadness.org/0/atom_content_gopher.xml</id>
<link rel="self" type="application/atom+xml" href="gopher://codemadness.org/0/atom_content_gopher.xml" />
@@ -10,7 +10,7 @@
<title>Wireguard on OpenBSD for use as a mobile VPN</title>
<link rel="alternate" type="text/gopher" href="gopher://codemadness.org/1/phlog/wireguard" />
<id>gopher://codemadness.org/1/phlog/wireguard</id>
- <updated>2026-03-27T00:00:00Z</updated>
+ <updated>2026-03-28T00:00:00Z</updated>
<published>2026-03-27T00:00:00Z</published>
<author>
<name>Hiltjo</name>
@@ -18,7 +18,7 @@
</author>
<summary>Guide to setup a Wireguard endpoint on OpenBSD to use as a (mobile) VPN</summary>
<content type="html"><![CDATA[<h1>Wireguard on OpenBSD for use as a mobile VPN</h1>
- <p><strong>Last modification on </strong> <time>2026-03-27</time></p>
+ <p><strong>Last modification on </strong> <time>2026-03-28</time></p>
<p>Wireguard is a fast, modern and secure VPN tunnel.</p>
<p>Below is a guide to setup <a href="https://www.wireguard.com/">Wireguard</a> on the OpenBSD
operating system intended for use with a mobile VPN.</p>
@@ -30,13 +30,15 @@ and public key.</p>
<p>To install the wireguard-tools package on OpenBSD:</p>
<pre><code># pkg_add wireguard-tools
</code></pre>
-<h1>Enable IPv4 traffic forwarding</h1>
+<h2>Enable IPv4 traffic forwarding</h2>
<p>To enable traffic forwarding for IPv4 run:</p>
<pre><code># sysctl net.inet.ip.forwarding=1
</code></pre>
<p>To make it persistent add the above lines to the file /etc/sysctl.conf. These
sysctl lines are loaded on boot time.</p>
-<h1>Server: /etc/hostname.wg0</h1>
+<h2>Server config: /etc/hostname.wg0</h2>
+<p>This is an example config for the wg0 network interface. It is stored at
+/etc/hostname.wg0:</p>
<pre><code>wgport 51820 wgkey 'private_key_here'
inet 10.1.2.1/24
up
@@ -44,7 +46,7 @@ up
# peer: phone
wgpeer 'pubkey' wgaip 10.1.2.2/32 wgdescr 'phone' wgpsk 'psk_here'
</code></pre>
-<h1>Generating a private key</h1>
+<h2>Generating a private key</h2>
<p>Using wireguard-tools wg command:</p>
<pre><code>$ wg genkey
</code></pre>
@@ -54,7 +56,7 @@ public.key:</p>
<pre><code>$ wg genkey | tee private.key | wg pubkey > public.key
</code></pre>
<p><strong>Keep the private key secure. Do not share it with anyone!</strong></p>
-<h1>Generate a separate preshared key (PSK).</h1>
+<h2>Generate a separate preshared key (PSK).</h2>
<p>Using a preshared key (PSK) is optional, but recommended. This is used in the
handshake to guard against future compromise of the peers' encrypted tunnel if
a quantum-computational attack on their Diffie-Hellman exchange becomes
@@ -75,7 +77,7 @@ permissions to view all information):</p>
<p>In the ifconfig wg0 output it should list the server public key as:</p>
<pre><code>wgpubkey server_pubkey_here
</code></pre>
-<h1>Full example of a client config: wg-client.conf</h1>
+<h2>Full example of a client config: wg-client.conf</h2>
<pre><code>[Interface]
Address = 10.1.2.2/32
DNS = 10.1.2.1
@@ -88,7 +90,7 @@ PreSharedKey = 8ao/EMExyPAHrT3ShX+lnA0u7jUmo7MhrT0GjDcrIJA=
PublicKey = Rny+AW4EPqPPxfO+8O+QdlkIrWbZRGQ6u6Fje5pUOFM=
</code></pre>
<p><strong>Of course do not copy-paste this private key and PSK. Generate your own ;)</strong></p>
-<h1>pf(4) firewall rules</h1>
+<h2>pf(4) firewall rules</h2>
<p>Below is a fragment of the firewall rules required for Wireguard.
These rules assume a simple VPS with a vio network interface connected to the
interwebs (no double NAT or other weird complex things ;)).</p>
@@ -100,15 +102,15 @@ pass in quick on wg0 proto udp from any to any port 51820
# allow all on wireguard
pass quick on wg0
</code></pre>
-<h1>Mobile VPN application</h1>
+<h2>Mobile VPN application</h2>
<p>For Android download the APK from <a href="https://www.wireguard.com/install/">https://www.wireguard.com/install/</a>.
There are also other versions available on the page.</p>
-<h1>Android Wireguard settings</h1>
-<h1>Adding a tunnel</h1>
+<h2>Android Wireguard settings</h2>
+<h2>Adding a tunnel</h2>
<p>In the Wireguard application press the plus (+) button in the bottom left of
the screen to add a tunnel.</p>
-<h1>Option: "Scan from QR code"</h1>
-<h2>Generate a QR code image from a client config</h2>
+<h2>Option: "Scan from QR code"</h2>
+<h3>Generate a QR code image from a client config</h3>
<p>Install the libqrencode package for qrencode:</p>
<pre><code># pkg_add libqrencode
</code></pre>
@@ -124,15 +126,15 @@ and/or destroy it immediately.</p>
<p><img src="downloads/openbsd-wg/inspector_gadget.jpg" alt="inspector Gadget reading self-destruct message" width="320" height="240" loading="lazy" /></p>
<p><a href="downloads/openbsd-wg/inspector_gadget.webm">Inspector Gadget, self-destruct video clip</a></p>
<p>Now scan the generated image to import the config.</p>
-<h1>Option: "Import from file or archive"</h1>
+<h3>Option: "Import from file or archive"</h3>
<p>Import a text .conf file or archive (ZIP) file containing one or more configs.</p>
<p>Example conf file: <a href="downloads/openbsd-wg/client-example.conf">client-example.conf</a>.<br />
Example ZIP file: <a href="downloads/openbsd-wg/client-example.zip">client-example.zip</a>.</p>
-<h1>Option: "Create from scratch"</h1>
+<h3>Option: "Create from scratch"</h3>
<p>Generating the private key on the device itself and sharing the public key and
PSK is probably the safest option. Although sharing the public key text from a
mobile device can be a bit annoying.</p>
-<h1>Android settings</h1>
+<h2>Android settings</h2>
<p>Only allow connections and DNS using VPN:</p>
<ul>
<li>Settings -> VPN -> Network & Internet:
@@ -154,7 +156,7 @@ Make sure Wireguard is set and enabled under VPN.</li>
</li>
<li>Set a secure and privacy-respecting DNS server.</li>
</ul>
-<h1>Debugging tips</h1>
+<h2>Debugging tips</h2>
<p>For the Wireguard Android application you can find a textual log:</p>
<ul>
<li>Open the Wireguard application.</li>
@@ -164,7 +166,7 @@ Make sure Wireguard is set and enabled under VPN.</li>
<p>On the OpenBSD server you can run enable run-time debugging on the wg0 interface:</p>
<pre><code># ifconfig wg0 debug
</code></pre>
-<h1>Bonus: example using wg-quick from wg-tools</h1>
+<h2>Bonus: example using wg-quick from wg-tools</h2>
<p>Using the wg-quick program from wg-tools you can also quickly setup a client.
This will setup the DNS, routing and interface. It can setup and restore the
DNS and routing settings easily.</p>
@@ -174,13 +176,13 @@ DNS and routing settings easily.</p>
<p>As root, to restore the interface:</p>
<pre><code># wg-quick down absolute/path/to/config/wg-client.conf
</code></pre>
-<h1>Bonus: generating a private key using only OpenSSL commands</h1>
+<h2>Bonus: generating a private key using only OpenSSL commands</h2>
<p>Generate a private key:</p>
<pre><code>$ openssl genpkey -algorithm X25519 -outform DER -out private.der
</code></pre>
<p>Now extract the last 32 bytes which has part of the actual private key (the
first ASN.1 DER encoded bytes contain metadata information). Convert the actual
-key (partly truncated) data to base64.</p>
+key data to base64.</p>
<p>Run:</p>
<pre><code>$ tail -c 32 private.der | openssl enc -a -A > private.key
</code></pre>
@@ -190,7 +192,14 @@ key (partly truncated) data to base64.</p>
<p>Convert public key to Wireguard format:</p>
<pre><code>$ tail -c 32 public.der | openssl enc -a -A > public.key
</code></pre>
-<h1>References</h1>
+<p>Or even the magical voodoo commands:</p>
+<pre><code>$ openssl rand -base64 32 > private.key
+$ (printf '\060\056\002\001\000\060\005\006\003\053\145\156\004\042\004\040';openssl enc -d -a -A < private.key) |
+ openssl pkey -inform DER -pubout -outform DER | \
+ tail -c 32 | \
+ openssl enc -a -A > public.key
+</code></pre>
+<h2>References</h2>
<ul>
<li><a href="https://www.wireguard.com/">Wireguard</a>:
<ul>
@@ -487,7 +496,7 @@ Strong open-source chess engine and analysis tool:<br />
<p><strong>Last modification on </strong> <time>2023-12-17</time></p>
<p>This describes a simple shellscript programming pattern to process a list of
jobs in parallel. This script example is contained in one file.</p>
-<h1>Simple but less optimal example</h1>
+<h2>Simple but less optimal example</h2>
<pre><code>#!/bin/sh
maxjobs=4
@@ -517,7 +526,7 @@ for f in 1 2 3 4 5 6 7 8 9 10; do
done
wait
</code></pre>
-<h1>Why is this less optimal</h1>
+<h2>Why is this less optimal</h2>
<p>This is less optimal because it waits until all jobs in the same batch are finished
(each batch contain $maxjobs items).</p>
<p>For example with 2 items per batch and 4 total jobs it could be:</p>
@@ -540,7 +549,7 @@ wait
</ul>
<p>It also does not handle signals such as SIGINT (^C). However the xargs example
below does:</p>
-<h1>Example</h1>
+<h2>Example</h2>
<pre><code>#!/bin/sh
maxjobs=4
@@ -575,7 +584,7 @@ list() {
# process jobs in parallel.
list | CHILD_MODE="1" xargs -r -0 -P "${maxjobs}" -L 2 "$(readlink -f "$0")"
</code></pre>
-<h1>Run and timings</h1>
+<h2>Run and timings</h2>
<p>Although the above example is kindof stupid, it already shows the queueing of
jobs is more efficient.</p>
<p>Script 1:</p>
@@ -588,7 +597,7 @@ real 0m22.095s
[...snip snip...]
real 0m18.120s
</code></pre>
-<h1>How it works</h1>
+<h2>How it works</h2>
<p>The parent process:</p>
<ul>
<li>The parent, using xargs, handles the queue of jobs and schedules the jobs to
@@ -622,7 +631,7 @@ For example if the program is killed, stopped or the exit status is 255 then
xargs stops running also.</p>
</li>
</ul>
-<h1>Description of used xargs options</h1>
+<h2>Description of used xargs options</h2>
<p>From the OpenBSD man page: <a href="https://man.openbsd.org/xargs">https://man.openbsd.org/xargs</a></p>
<pre><code>xargs - construct argument list(s) and execute utility
</code></pre>
@@ -639,7 +648,7 @@ ending in unescaped white space and the next non-empty line are considered
to form one single line. If EOF is reached and fewer than number lines have
been read then utility will be called with the available lines.</li>
</ul>
-<h1>xargs options -0 and -P, portability and historic context</h1>
+<h2>xargs options -0 and -P, portability and historic context</h2>
<p>Some of the options, like -P are as of writing (2023) non-POSIX:
<a href="https://pubs.opengroup.org/onlinepubs/9699919799/utilities/xargs.html">https://pubs.opengroup.org/onlinepubs/9699919799/utilities/xargs.html</a>.
However many systems support this useful extension for many years now.</p>
@@ -668,7 +677,7 @@ Date: Sun Feb 4 20:35:16 1996 +0000
Initial revision
</code></pre>
-<h1>xargs: some incompatibilities found</h1>
+<h2>xargs: some incompatibilities found</h2>
<ul>
<li>Using the -0 option empty fields are handled differently in different
implementations.</li>
@@ -680,7 +689,7 @@ around 2017.</li>
<p>Depending on what you want to do a workaround could be to use the -0 option
with a single field and use the -n flag. Then in each child program invocation
split the field by a separator.</p>
-<h1>References</h1>
+<h2>References</h2>
<ul>
<li>xargs: <a href="https://man.openbsd.org/xargs">https://man.openbsd.org/xargs</a></li>
<li>printf: <a href="https://man.openbsd.org/printf">https://man.openbsd.org/printf</a></li>
DIR diff --git a/output/atom_gopher.xml b/output/atom_gopher.xml
@@ -2,7 +2,7 @@
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title>Codemadness</title>
<subtitle>blog with various projects and articles about computer-related things</subtitle>
- <updated>2026-03-27T00:00:00Z</updated>
+ <updated>2026-03-28T00:00:00Z</updated>
<link rel="alternate" type="text/gopher" href="gopher://codemadness.org" />
<id>gopher://codemadness.org/0/atom_gopher.xml</id>
<link rel="self" type="application/atom+xml" href="gopher://codemadness.org/0/atom_gopher.xml" />
@@ -10,7 +10,7 @@
<title>Wireguard on OpenBSD for use as a mobile VPN</title>
<link rel="alternate" type="text/gopher" href="gopher://codemadness.org/1/phlog/wireguard" />
<id>gopher://codemadness.org/1/phlog/wireguard</id>
- <updated>2026-03-27T00:00:00Z</updated>
+ <updated>2026-03-28T00:00:00Z</updated>
<published>2026-03-27T00:00:00Z</published>
<author>
<name>Hiltjo</name>
DIR diff --git a/output/jsonfeed_content.json b/output/jsonfeed_content.json
@@ -8,7 +8,7 @@
"title": "Wireguard on OpenBSD for use as a mobile VPN",
"url": "https://www.codemadness.org/wireguard.html",
"authors": [{"name": "Hiltjo"}],
codemadness.org:70 /git/www.codemadness.org/commit/ca874c125feeab74204918d970e374388e97ddd9.gph:600: line too long